Safety Verification of Uncertain Max-Plus-Linear Systems

In this work, we discuss the verification of autonomous uncertain Max-Plus-Linear (uncertain MPL) systems with respect to a safety property, using reachability analysis. More precisely, given an uncertain MPL system, a nonempty set of initial conditions, a time horizon and an unsafe set, we want to determine whether the state can reach the unsafe set within the given time horizon. If the unsafe set is reachable, then the system is not safe. Otherwise, the system is safe. Our approach uses the piecewise affine representation of MPL systems to compute the reachable sets exactly.


Aditya Putra Pratama, Subchan and Dieky Adzkiya
Index Terms: Max-plus algebra, uncertain systems, transition systems, safety verification.

I. INTRODUCTION
Max-Plus-Linear (MPL) systems are a class of discrete event systems that represent only synchronization and time-delay phenomena. Synchronization in MPL systems is modeled by maximization over several events. The algebraic structure underlying MPL systems is the max-plus algebra. The max-plus algebra is an idempotent semiring, an algebraic structure with two binary operations, sum (⊕) and product (⊗), defined as maximum and addition, respectively. MPL systems are used for the analysis and scheduling of manufacturing systems, infrastructure networks such as telecommunication and railway systems, etc. [1], [2].

MPL systems are deterministic since the entries of the system matrix are assumed to be fixed. If the entries of the system matrix are not fixed and may take an arbitrary value within an interval, the systems are called uncertain MPL systems. This is consistent with the modeling assumption that the entries of the system matrix are subject to noise and disturbances.

Safety analysis is one of the most important aspects of a system. It is used to guarantee that the system is in a safe condition. Formally, given a system, a nonempty set of initial conditions, a time horizon and an unsafe set, we want to determine whether the state can reach the unsafe set within the given time horizon. If the unsafe set is reachable, then the system is not safe. Otherwise, the system is safe. One method for analyzing the safety of a system is reachability analysis, which can be carried out as forward reachability or backward reachability. Reachability analysis of MPL systems has been discussed in [3], [4]. The theory of reachability analysis was then extended to uncertain MPL systems in [5].

Manuscript received January 23, 2018; accepted July 27, 2018. The authors are with the Department of Mathematics, Faculty of Mathematics, Computing, and Data Sciences, Institut Teknologi Sepuluh Nopember, Surabaya, Indonesia. E-mails: aditya.math2012@gmail.com, {subchan,dieky}@matematika.its.ac.id

In this work, we verify the safety of uncertain MPL systems using reachability analysis, inspired by the procedure in [4]. Section II reviews DBMs, max-plus algebra, uncertain MPL systems and reachability analysis of uncertain MPL systems. Section III discusses the procedure for verifying uncertain MPL systems. Finally, the conclusion summarizes the safety-level condition of uncertain MPL systems.

A. Difference-Bound Matrices
Difference-Bound Matrices (DBMs) are characterized by the difference of two variables. More formally, the definition of a DBM is given as follows:

Definition 2.1: A DBM is a square matrix that represents the intersection of finitely many sets in $\mathbb{R}^n$ defined by $x_j - x_i \bowtie_{i,j} a_{i,j}$, where $\bowtie_{i,j} \in \{<, \le\}$ represents the strictness of the sign and $a_{i,j} \in \mathbb{R} \cup \{+\infty\}$ is the upper bound, for $i, j \in \{0, \dots, n\}$.

The value of the special variable $x_0$ is always equal to 0. This variable is used to represent sets defined by a single variable, such as $x_i \bowtie_{i,i} a_{i,i}$.

A DBM can be represented as a matrix whose entries are pairs of an upper bound and the strictness of the sign. We use the column-row rule, i.e. the element of the matrix at row $i$ and column $j$ is associated with $x_{j-1} - x_{i-1}$. Suppose that the element of the matrix at row $i$ and column $j$ is denoted by $(a_{i,j}, \bowtie_{i,j})$. This means $x_{j-1} - x_{i-1} \bowtie_{i,j} a_{i,j}$. We define $\bowtie_{i,i} = \le$ and $a_{i,i} = 0$, which means $x_i - x_i \le 0$ for all $i$. For example, we have

There are some operations defined on DBMs, such as intersection, complement, canonical form, orthogonal projection, image w.r.t. an affine dynamic and inverse image w.r.t. an affine dynamic. The interested reader is referred to [6] for the details.
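The DBM representation above, with each entry stored as a (bound, strictness) pair, can be sketched as follows. This is an added example, not code from the paper; the names `dbm`, `add`, `canonical` and `intersect` and the sample set are constructed for illustration, and only the canonical-form and intersection operations are covered.

```python
import math

LT, LE = 0, 1            # strictness codes: "<" sorts before "<=", i.e. is tighter
INF = (math.inf, LT)     # no constraint: x_j - x_i < +inf

def dbm(n, constraints):
    """DBM over x_0..x_n from tuples (j, i, a, rel) meaning x_j - x_i rel a."""
    D = [[(0, LE) if r == c else INF for c in range(n + 1)] for r in range(n + 1)]
    for j, i, a, rel in constraints:
        D[i][j] = min(D[i][j], (a, rel))   # row i, column j holds x_j - x_i
    return D

def add(p, q):
    """Chain two difference bounds: values add, result is strict if either is."""
    return (p[0] + q[0], min(p[1], q[1]))

def canonical(D):
    """Tightest equivalent DBM (Floyd-Warshall), or None if the set is empty."""
    m = len(D)
    D = [row[:] for row in D]
    for k in range(m):
        for i in range(m):
            for j in range(m):
                D[i][j] = min(D[i][j], add(D[i][k], D[k][j]))
    # x_i - x_i must admit 0: any diagonal bound below (0, <=) is a contradiction
    return None if any(D[i][i] < (0, LE) for i in range(m)) else D

def intersect(D, E):
    """Intersection = entrywise tighter bound, then canonical form."""
    return canonical([[min(a, b) for a, b in zip(r, s)] for r, s in zip(D, E)])

# Constructed sample: {x in R^2 : 1 <= x_1 < 4, x_2 - x_1 <= 2, x_2 >= 0}
S = dbm(2, [(1, 0, 4, LT), (0, 1, -1, LE), (2, 1, 2, LE), (0, 2, 0, LE)])
HALF = dbm(2, [(0, 1, -4, LE)])            # {x : x_1 >= 4}

if __name__ == "__main__":
    print(canonical(S)[0][2])              # derived bound on x_2 - x_0
    print(intersect(S, HALF))              # empty because x_1 < 4 is strict
```

Encoding `<` as 0 and `≤` as 1 makes Python's tuple ordering coincide with "tighter bound", so the strictness of the sign is carried through the canonical form without special cases.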

B. Max-Plus Algebra
Max-plus algebra is an idempotent semiring with two binary operations, i.e. maximum and addition. Let $\mathbb{R}_\varepsilon := \mathbb{R} \cup \{-\infty\}$ be a set equipped with two binary operations, sum (⊕) and product (⊗), defined by: for all $a, b \in \mathbb{R}_\varepsilon$. Note that the neutral elements w.r.t. the maximization and addition operators in $\mathbb{R}_\varepsilon$ are $\varepsilon := -\infty$ and 0, respectively. Furthermore, the operations ⊕ and ⊗ on matrices are defined as follows:

Notice that the rules are analogous to conventional algebra, where we replace the usual addition by maximization and the usual multiplication by the usual addition. The notation $[A]_{i,j}$ represents the element of the matrix $A$ on the $i$-th row and $j$-th column. Generally, the precedence of operations in the max-plus algebra domain is similar to that in the conventional algebra domain: ⊗ has higher precedence than ⊕.

C. Uncertain Max-Plus-Linear Systems
In this subsection, we describe autonomous MPL systems and uncertain MPL systems. First, we describe autonomous MPL systems, which are defined as follows: where $A \in \mathbb{R}_\varepsilon^{m \times n}$ is the deterministic state matrix, the variable $k$ represents the occurrence index, and the vector $x(k)$ is the time of the $k$-th occurrence of all events. Furthermore, $x_i(k)$ represents the time of the $k$-th occurrence of the $i$-th event.

If some entries in the state matrix in (1) depend on $k$ and belong to an interval, then the MPL systems are called uncertain MPL systems. The uncertain MPL systems are defined by where $A(k) \in [\underline{A}, \overline{A}]$ is a non-deterministic matrix, with $\overline{A}$ and $\underline{A}$ representing the upper-bound and lower-bound matrices, respectively. The interpretation of the state vector $x$ in uncertain MPL systems is the same as in MPL systems.

D. Piecewise Affine Representation
An MPL system (1) can be represented as a Piecewise Affine (PWA) system [7]. PWA systems are characterized by a collection of regions, and the dynamics within each region is affine, i.e. linear plus a constant term. Each region is characterized by a finite coefficient $g = (g_1, \dots, g_n) \in \{1, \dots, n\}^n$, where $n$ is the dimension of the MPL system [3]. The region associated with finite coefficient $g$ is and the corresponding affine dynamics is

In [5], the uncertain MPL systems (2) can be partitioned according to the upper-bound state matrix $\overline{A}$. In this case, each region is also characterized by a finite coefficient $g = (g_1, \dots, g_n) \in \{1, \dots, n\}^n$. The region corresponding to finite coefficient $g$ is and the associated dynamics is

Notice that the dynamics can be expressed as a DBM over the state variables at time $k$ and $k - 1$.

E. Reachability of Uncertain MPL Systems
Reachability analysis of uncertain MPL systems has been investigated in [5]. There are two approaches for the reachability analysis of the uMPL system, i.e. forward reachability and backward reachability.

Let $X \subseteq \mathbb{R}^n$ be a DBM and $A \in [\underline{A}, \overline{A}]$ be an interval max-plus matrix. The procedure to compute the image of $X$ w.r.t. $A$ has been discussed in [5]. The procedure is as follows:

1) generate the PWA system from the upper bound of the interval max-plus matrix $A$;
2) for each finite coefficient $g$ such that $X \cap R^u_g$ is not empty, first compute the cross product $(X \cap R^u_g) \times \mathbb{R}^n$, then compute the intersection of the cross product and the corresponding affine dynamics, and finally compute the projection of the intersection w.r.t. the state variables at the next event step.

Given an uncertain MPL system and a nonempty set of initial conditions $X_0$, the set of states reachable at the $k$-th event step can be recursively calculated as follows where $X_k$ is the set of states reachable at event step $k$. The procedure to compute the image of the states reachable at event step $k - 1$ w.r.t. the interval max-plus matrix has been described in the preceding paragraph.

Let $X \subseteq \mathbb{R}^n$ be a DBM and $A \in [\underline{A}, \overline{A}]$ be an interval max-plus matrix. The procedure to compute the inverse image of $X$ w.r.t. $A$ has been discussed in [5]. The procedure is as follows:

1) generate the PWA system from the upper bound of the interval max-plus matrix $A$;
2) compute the cross product $\mathbb{R}^n \times X$;
3) for each finite coefficient $g$ such that the intersection of the corresponding affine dynamics and $\mathbb{R}^n \times X$ is not empty, first compute the intersection of the corresponding affine dynamics and $\mathbb{R}^n \times X$, and then compute the projection of the intersection w.r.t. the state variables at the previous event step.

Given an uncertain MPL system and a nonempty set of final conditions $X_0$, the set of states reachable at the $k$-th event step can be recursively calculated as follows where $X_{-k}$ is the set of states that are able to reach the set of final conditions in $k$ event steps. The procedure to determine the inverse image of $X_{-k+1}$ has been described in the previous paragraph.

III. SAFETY VERIFICATION OF UNCERTAIN MPL SYSTEMS
In this section, we discuss the safety verification of uncertain MPL systems. The procedure for the safety verification of uncertain MPL systems is similar to the procedure for MPL systems [4]. We can use either forward or backward reachability.

If we use forward reachability, the procedure is as follows. We are given an uncertain MPL system, a nonempty set of initial conditions $X_0$, a time horizon $N$ and an unsafe set $U_s$. Initially, we compute the states reachable at event steps $1, \dots, N$, denoted by $X_1, \dots, X_N$. If there exists $0 \le k \le N$ such that $X_k \cap U_s \neq \emptyset$, then the uMPL system is unsafe. Otherwise, the system is safe.

If we use backward reachability, the procedure is as follows. We are given an uncertain MPL system, a nonempty set of initial conditions $X_0$, a time horizon $N$ and an unsafe set $U_s$. Initially, we define the unsafe set as the set of final conditions $X_0$. Then, we compute $X_{-1}, \dots, X_{-N}$. If there exists $-N \le k \le 0$ such that $X_k \cap X_0 \neq \emptyset$, then the system is not safe. Otherwise, the system is safe.
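The image procedure of Section II-E and the forward safety check above can be sketched as follows. This is an added example, not the authors' code: it assumes finite matrix entries and non-strict bounds only, encodes each region and its dynamics as difference constraints derived here from $x(k) = A(k) \otimes x(k-1)$ with $\underline{A} \le A(k) \le \overline{A}$, and uses a constructed interval matrix together with the initial set of Section IV.

```python
from itertools import product
INF = float("inf")  # "no bound"; this sketch keeps only non-strict (<=) bounds

def close(D):
    """Canonical form via all-pairs shortest paths; None if the DBM is empty."""
    for k, i, j in product(range(len(D)), repeat=3):
        D[i][j] = min(D[i][j], D[i][k] + D[k][j])
    return None if any(D[i][i] < 0 for i in range(len(D))) else D

def box(bounds):
    """DBM of {x : lo_i <= x_i <= hi_i}; D[i][j] bounds x_j - x_i, with x_0 = 0."""
    m = len(bounds) + 1
    D = [[0 if i == j else INF for j in range(m)] for i in range(m)]
    for i, (lo, hi) in enumerate(bounds, 1):
        D[0][i], D[i][0] = hi, -lo
    return D

def image(X, A_lo, A_up):
    """Yield the exact image of DBM X as one DBM per region g that meets X."""
    n = len(A_up)
    for g in product(range(n), repeat=n):
        D = box([(-INF, INF)] * (2 * n))       # variables: x(k-1), then x(k)
        for i, j in product(range(n + 1), repeat=2):
            D[i][j] = X[i][j]                  # cross product X x R^n
        for i, gi in enumerate(g):
            p, r = n + 1 + i, gi + 1           # indices of x_i(k) and x_gi(k-1)
            for j in range(n):
                D[r][j + 1] = min(D[r][j + 1], A_up[i][gi] - A_up[i][j])  # x in region g
                D[p][j + 1] = min(D[p][j + 1], -A_lo[i][j])   # x_i(k) >= A_lo[i][j] + x_j
            D[r][p] = min(D[r][p], A_up[i][gi])               # x_i(k) <= A_up[i][gi] + x_gi
        if close(D) is not None:
            keep = [0, *range(n + 1, 2 * n + 1)]              # project onto x(k)
            yield [[D[a][b] for b in keep] for a in keep]

def intersects(D, U):
    """True if DBMs D and U share a point (entrywise min, then emptiness test)."""
    return close([[min(a, b) for a, b in zip(r, s)] for r, s in zip(D, U)]) is not None

def is_safe(X0, A_lo, A_up, U, N):
    """(True, None) if U is unreachable for k = 0..N, else (False, first such k)."""
    frontier = [X0]
    for k in range(N + 1):
        if any(intersects(D, U) for D in frontier):
            return False, k
        frontier = [Y for D in frontier for Y in image(D, A_lo, A_up)] if k < N else []
    return True, None

# Constructed interval matrix; X0 is the initial set of the page's example.
A_LO, A_UP = [[2, 5], [3, 3]], [[3, 6], [4, 4]]
X0 = box([(-1, 5), (0, 2)])
```

With the constructed unsafe set `box([(7.5, 8), (3, 3.5)])`, the check reports the system safe for N = 2 even though that set overlaps the bounding box of the states reachable at step 1, which is the practical benefit of computing the reachable sets exactly rather than as interval over-approximations.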

IV. A NUMERICAL EXAMPLE
Consider the uncertain MPL system (2) where the set of initial conditions is defined as $X_0 = \{x \in \mathbb{R}^2 : -1 \le x_1 \le 5,\ 0 \le x_2 \le 2\}$, the time horizon is $N = 2$ and the unsafe set

We use the forward-reachability approach to verify whether the above uMPL system is safe.